Trojan, niebieski ekran z 'kernelfaultcheck'

[mpajonk]

przy sicaganiu jakegos patcha do gry sciagnal sie trojan.
wydawalo mi sie, ze avast sam sobie z nim poradzil, ale po 2 minutach wyskoczyl niebieski ekran, wiec zrestartowalem kompa i odpalilem w awaryjnym trybie kilka programow. logi:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:12, on 2009-02-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Format\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\WINDOWS\system32\30004.dll,s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MPajonk\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230838724640
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 3799 bytes


tu powiedzialem, zeby usunal
-O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
-R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
-R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
-R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Kod: Zaznacz wszystko

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.7.20.6874                             *
*                                                                              *
********************************************************************************

Created at 18:27:27 on Saturday, February 07, 2009

Time Zone            :

Logged On User       : MPajonk

Operating System     : Microsoft Windows XP Home Edition Dodatek Service Pack 3
OS Version           : 5.1.2600
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X86 Genuine Intel(R) CPU            2140  @ 1.60GHz

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 20.48 GB
System Drive Free    : 7.64 GB

Total Physical Memory: 2047 MB
Free Physical Memory : 1776 MB
Total Page File      : 2047 MB
Free Page File       : 3854 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1968 MB

Boot State           : Fail-safe boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

Kod: Zaznacz wszystko

[b]SDFix: Version 1.240 [/b]
Run by MPajonk on 2009-02-07 at 18:29

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\TDSSPROC.log - Deleted





Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 18:34:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f608c05e]
"001c9a3e8e1a"=hex:ed,9c,ae,f8,00,6c,cd,e5,de,9f,b2,1d,09,09,e9,d1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:8f,1f,0d,df,e7,70,1c,c4,f3,7a,35,5b,cc,56,29,bc,7a,77,2a,d5,05,..
"p0"="D:\Programy\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Programy\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:a3,3b,d2,69,9b,7f,3a,61,48,20,ca,ba,41,fd,bb,de,4a,31,a2,3a,2d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Programy\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:45,e9,a8,42,07,04,1c,d7,b8,c1,cc,3a,68,d6,35,a2,73,07,14,2e,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Programy\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:45,e9,a8,42,07,04,1c,d7,b8,c1,cc,3a,68,d6,35,a2,73,07,14,2e,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0011f608c05e]
"001c9a3e8e1a"=hex:ed,9c,ae,f8,00,6c,cd,e5,de,9f,b2,1d,09,09,e9,d1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:2b,9b,c7,13,95,ab,49,c0,81,b3,e6,a6,30,d3,09,bf,b5,0c,7e,5d,c6,..
"p0"="D:\Programy\Alcohol 120\"

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE6E6B50-FB3B-34CE-2C13-FE9432396BD3}]
"hafhmolfmhlohkcc"=hex:6e,62,61,68,6c,66,67,6d,69,69,6e,6f,64,69,70,64,6e,6f,67,62,6b,..
"jafhmolfmhlohkccclie"=hex:66,61,61,68,6a,66,6a,63,6e,69,6d,6d,00,08
"paninbfchoiceljcilnglphmhlnanpeg"=hex:65,61,61,68,6c,66,70,62,6b,70,00,6d

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Gry\\CoD 4\\iw3mp.exe"="E:\\Gry\\CoD 4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\\Programy\\Tlen\\tlen.exe"="D:\\Programy\\Tlen\\tlen.exe:*:Enabled:Komunikator Tlen.pl"
"D:\\Programy\\Sun Java\\jre\\bin\\java.exe"="D:\\Programy\\Sun Java\\jre\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 13 Jan 2009           281 ...H. --- "C:\Boot.BAK"
Wed 14 Jan 2009         8,192 A.SHR --- "C:\BOOTSECT.BAK"
Mon 17 Nov 2008            24 ..SH. --- "C:\WINDOWS\S026297BE.tmp"
Sat  1 Nov 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue  4 Nov 2008           444 ...HR --- "C:\Documents and Settings\MPajonk\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]



bylbym wdzieczny za komentarz i pomoc, potrzebne jeszcze jakies operacje?

[sgsman]

1. Wsadź logi w tagi code.
2. Wrzuć loga z combofixa.

[mpajonk]

prosze bardzo:

Kod: Zaznacz wszystko

ComboFix 09-02-06.04 - MPajonk 2009-02-07 18:55:39.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.2047.1730 [GMT 1:00]
Uruchomiony z: e:\format\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090207-0] *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\30004.dll
c:\windows\system32\drivers\seneka.sys

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-07 do 2009-02-07  )))))))))))))))))))))))))))))))
.

2009-02-07 18:26 . 2009-02-07 18:26   <DIR>   d--------   C:\ERDNT
2009-02-07 18:26 . 2009-02-07 18:26   <DIR>   d--------   C:\!FixIEDef
2009-02-07 18:25 . 2009-02-07 18:35   <DIR>   d--------   C:\SDFix
2009-02-05 18:55 . 2009-02-05 18:55   <DIR>   d--hs----   c:\documents and settings\MPajonk\UserData
2009-02-05 11:04 . 2009-02-05 11:04   <DIR>   d--------   c:\program files\Common Files\DirectX
2009-02-04 15:03 . 2009-02-04 15:03   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-01-29 13:50 . 2008-09-30 07:22   8,490,496   -----c---   c:\windows\system32\dllcache\shell32.dll
2009-01-29 13:50 . 2008-09-30 07:22   300,032   -----c---   c:\windows\system32\dllcache\ulib.dll
2009-01-29 13:50 . 2008-09-29 11:21   133,632   ---------   c:\windows\system32\drivers\exfat.sys
2009-01-29 13:50 . 2008-09-29 11:21   133,632   -----c---   c:\windows\system32\dllcache\exfat.sys
2009-01-29 13:50 . 2008-09-30 07:22   57,344   ---------   c:\windows\system32\uexfat.dll
2009-01-29 13:50 . 2008-09-30 07:22   57,344   -----c---   c:\windows\system32\dllcache\uexfat.dll
2009-01-26 20:09 . 2008-08-08 07:04   545   --a------   c:\windows\UC.PIF
2009-01-26 20:09 . 2008-08-08 07:04   545   --a------   c:\windows\RAR.PIF
2009-01-26 20:09 . 2008-08-08 07:04   545   --a------   c:\windows\PKZIP.PIF
2009-01-26 20:09 . 2008-08-08 07:04   545   --a------   c:\windows\PKUNZIP.PIF
2009-01-26 20:09 . 2008-08-08 07:04   545   --a------   c:\windows\NOCLOSE.PIF
2009-01-26 20:09 . 2008-08-08 07:04   545   --a------   c:\windows\LHA.PIF
2009-01-26 20:09 . 2008-08-08 07:04   545   --a------   c:\windows\ARJ.PIF
2009-01-21 21:11 . 2009-01-21 21:11   <DIR>   d--------   c:\documents and settings\LocalService\Dane aplikacji\Softland
2009-01-18 12:32 . 2009-01-18 12:32   <DIR>   d--------   c:\documents and settings\MPajonk\Dane aplikacji\DivX
2009-01-16 18:24 . 2009-01-16 18:24   70,936   --a------   c:\windows\system32\PhysXLoader.dll
2009-01-16 15:56 . 2008-01-21 17:43   4,244,744   --a------   c:\windows\system32\qtp-mt334.dll
2009-01-16 15:56 . 2008-01-21 17:43   247,560   --a------   c:\windows\system32\prgiso.dll
2009-01-16 15:56 . 2008-01-21 17:43   39,472   --a------   c:\windows\system32\drivers\hotcore3.sys
2009-01-16 15:56 . 2008-01-21 17:43   13,576   --a------   c:\windows\system32\wnaspi32.dll
2009-01-16 15:28 . 2009-02-07 18:23   2,145,386,496   --a------   c:\windows\MEMORY.DMP
2009-01-15 14:39 . 2009-01-12 15:23   20,632   --a------   c:\windows\system32\dopdfmn6.dll
2009-01-15 14:39 . 2009-01-12 15:23   18,072   --a------   c:\windows\system32\dopdfmi6.dll
2009-01-15 14:39 . 2008-10-13 15:23   7,533   --a------   c:\windows\system32\dopdf6.ctm
2009-01-14 07:43 . 2009-01-14 07:43   <DIR>   d--hs----   C:\Boot
2009-01-14 07:43 . 2008-12-13 08:03   377,151   -rahs----   C:\bootmgr
2009-01-14 07:43 . 2009-01-14 07:43   8,192   -rahs----   C:\BOOTSECT.BAK
2009-01-13 19:26 . 2009-01-13 19:26   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\STDUConverter
2009-01-13 19:19 . 2009-01-13 19:19   <DIR>   d--------   c:\program files\Common Files\STDUtility
2009-01-12 12:12 . 2009-01-12 12:48   <DIR>   d--------   c:\documents and settings\MPajonk\.VirtualBox
2009-01-12 12:11 . 2008-12-17 10:57   129,552   --a------   c:\windows\system32\VBoxNetFltNotify.dll
2009-01-12 12:11 . 2008-12-17 10:56   100,368   --a------   c:\windows\system32\drivers\VBoxDrv.sys
2009-01-12 12:11 . 2008-12-17 10:56   81,360   --a------   c:\windows\system32\drivers\VBoxNetFlt.sys
2009-01-12 12:11 . 2008-12-17 10:56   41,680   --a------   c:\windows\system32\drivers\VBoxUSBMon.sys
2009-01-10 16:17 . 2009-01-10 16:17   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ashampoo
2009-01-10 16:01 . 2009-01-10 16:03   <DIR>   d--------   c:\documents and settings\MPajonk\Dane aplikacji\InfraRecorder

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 17:19   ---------   d-----w   c:\documents and settings\MPajonk\Dane aplikacji\uTorrent
2009-02-06 22:46   202,040   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-02-06 22:46   137,688   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-02-05 15:33   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-02-02 14:31   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-02-02 14:31   ---------   d-----w   c:\program files\AGEIA Technologies
2009-01-16 13:46   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-01-10 15:17   ---------   d-----w   c:\documents and settings\MPajonk\Dane aplikacji\Ashampoo
2009-01-05 11:22   410,984   ----a-w   c:\windows\system32\deploytk.dll
2009-01-05 11:22   ---------   d-----w   c:\program files\Sun
2009-01-05 11:22   ---------   d-----w   c:\program files\Java
2008-12-22 12:17   66,872   ----a-w   c:\windows\system32\PnkBstrA.exe
2008-12-11 10:57   333,952   ----a-w   c:\windows\system32\drivers\srv.sys
2008-12-11 00:33   86,016   ----a-w   c:\windows\system32\dpl100.dll
2008-12-11 00:33   200,704   ----a-w   c:\windows\system32\dtu100.dll
2008-12-09 02:28   593,920   ----a-w   c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28   57,344   ----a-w   c:\windows\system32\dpv11.dll
2008-12-09 02:28   344,064   ----a-w   c:\windows\system32\dpus11.dll
2008-12-09 02:28   294,912   ----a-w   c:\windows\system32\dpu11.dll
2008-12-08 16:33   43,520   ----a-w   c:\windows\system32\CmdLineExt03.dll
2008-12-08 16:27   2,829   ----a-w   c:\windows\DIIUnin.pif
2008-12-08 16:27   106,496   ----a-w   c:\windows\DIIUnin.exe
2008-12-08 15:53   717,296   ----a-w   c:\windows\system32\drivers\sptd.sys
2008-12-08 12:57   ---------   d-----w   c:\documents and settings\MPajonk\Dane aplikacji\Thinstall
2008-12-04 08:28   24,344   ----a-w   c:\windows\system32\PhysXDevice.dll
2008-11-26 07:55   288,024   ----a-w   c:\windows\system32\PhysXCplUI.exe
2008-11-25 07:38   288,024   ----a-w   c:\windows\system32\PhysXCompatCplUI.exe
2008-11-10 18:34   21,840   ----atw   c:\windows\system32\SIntfNT.dll
2008-11-10 18:34   17,212   ----atw   c:\windows\system32\SIntf32.dll
2008-11-10 18:34   12,067   ----atw   c:\windows\system32\SIntf16.dll
2008-09-24 08:36   22,328   ----a-w   c:\documents and settings\MPajonk\Dane aplikacji\PnkBstrK.sys
2006-06-23 06:48   32,768   ----a-r   c:\windows\inf\UpdateUSB.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\MPajonk\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\Avast\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 d:\programy\Adobe Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2008-04-09 10:00 826880 c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-12 14:01 133104 c:\documents and settings\MPajonk\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 11:36 229376 d:\programy\Nokia\PCSUIT~1\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="d:\programy\CloneCD\CloneCDTray.exe" /s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Gry\\CoD 4\\iw3mp.exe"=
"d:\\Programy\\Tlen\\tlen.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-01-16 39472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-01-12 81360]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-23 111184]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-01-12 100368]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-01-12 41680]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-23 20560]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2008-09-23 16269]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - f:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - f:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5098c38-8987-11dd-9c2c-806d6172696f}]
\Shell\AutoRun\command - f:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - f:\directx\dxsetup.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-329068152-725345543-1004.job
- c:\documents and settings\MPajonk\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-12-12 14:01]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\MPajonk\Dane aplikacji\Mozilla\Firefox\Profiles\crkpybgb.default\
FF - plugin: c:\documents and settings\MPajonk\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\programy\Adobe Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\programy\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\programy\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera\program\plugins\NPOFF12.DLL
FF - plugin: d:\programy\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\programy\Opera\program\plugins\nprpjplug.dll
FF - plugin: d:\programy\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\programy\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\programy\Real Alternative\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 18:56:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1715567821-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE6E6B50-FB3B-34CE-2C13-FE9432396BD3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hafhmolfmhlohkcc"=hex:6e,62,61,68,6c,66,67,6d,69,69,6e,6f,64,69,70,64,6e,6f,
   67,62,6b,6b,65,61,6c,64,6f,6a,61,65,62,64,6d,65,65,66,61,67,68,6b,64,6b,63,\
"jafhmolfmhlohkccclie"=hex:66,61,61,68,6a,66,6a,63,6e,69,6d,6d,00,08
"paninbfchoiceljcilnglphmhlnanpeg"=hex:65,61,61,68,6c,66,70,62,6b,70,00,6d

[HKEY_USERS\S-1-5-21-1715567821-329068152-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,de,c9,2c,35,7b,ed,8f,d6,c0,cd,1f,82,1f,e5,16,dc,79,f2,09,95,da,ad,
   ce,ea,ed,04,96,33,5d,be,7d,3a,39,73,41,3f,2f,95,1e,64,17,5f,f1,7c,9c,90,ee,\
"??"=hex:89,70,a9,1f,8a,51,98,e4,ce,14,e3,83,af,79,dd,54

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_09da&Pid_000e\7&375ffe74&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\CLBCATQ.DLL
.
Czas ukończenia: 2009-02-07 18:57:20
ComboFix-quarantined-files.txt  2009-02-07 17:57:17

Przed: 8 045 129 728 bajtów wolnych
Po: 8,054,886,400 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
202


cos jeszcze siedzi? czy raczej czysto?

[Okocza]

Wykonaj to co jest podane w tym temacie

1. tym programem przejdź komputer)
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.
7. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

[mpajonk]

Kod: Zaznacz wszystko

Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1973 MB

Boot State           : Fail-safe with network boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "KernelFaultCheck"

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

hdcleaner jest po niemiecku czy jakiemus i nie jestem w stanie go odpalic.

Kod: Zaznacz wszystko

--------------------------------------------------------------------------------
RAPORT KASPERSKY ONLINE SCANNER 7.0
niedziela, 8 luty 2009
System operacyjny: Microsoft Windows XP Home Edition Dodatek Service Pack 3 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Sunday, February 08, 2009 09:54:59
Liczba wpisów: 1767892
--------------------------------------------------------------------------------

Ustawienia skanowania:
   Typ bazy danych użytej do skanowania: rozszerzona
   Skanuj archiwa: tak
   Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
   C:\
   D:\
   E:\
   F:\
   G:\

Statystyki skanowania:
   Przeskanowanych plików: 81433
   Nazwa zagrożenia: 1
   Zainfekowanych obiektów: 1
   Podejrzanych obiektów: 0
   Czas skanowania: 01:23:29


Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń
C:\Qoobox\Quarantine\C\WINDOWS\system32\30004.dll.vir   Zainfekowany: Trojan.Win32.Agent2.bhe   1

Wybrany obszar został przeskanowany.


niby jest czysty. ale wczoraj jak odpalilem kompa w normalnym trybie, to po jakims czasie znow ten niebieski ekran i znow wpis z 'KernelFaultCheck' sie pojawia.

mozliwe ze cos jeszcze zostalo? czy to jakies inne bledy? przed infekcja sie nie pokazywaly.

[wojtas]

skasuJ;

C:\Qoobox

skasuj;

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

[mpajonk]

problem wciaz sie powtarza. po jakims czasie blad - niebieski ekran.

[wojtas]

przepisz kod z tego ekranu i podaj go na forum

[mpajonk]

0x000000BE (0x006100B0 0x6FDE5025 0xB629C898 0x0000000A)

[wojtas]

looknij tu:

http://technet.microsoft.com/pl-pl/library/cc785339.aspx

oraz:

http://www.google.pl/search?hl=pl&client=firefox-a&rls=org.mozilla%3Apl%3Aofficial&hs=b5U&q=0x000000BE&btnG=Szukaj&lr=lang_pl